hxxps://danielcacereslopez[.]com/Mnc5VTJtNDI1aTBQNjE=

Analysis

max time kernel
300s
max time network
272s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
28/08/2023, 22:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://danielcacereslopez.com/Mnc5VTJtNDI1aTBQNjE=

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133377346442741969"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
768	chrome.exe
768	chrome.exe
2492	chrome.exe
2492	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
768	chrome.exe
768	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe
Token: SeShutdownPrivilege	768	chrome.exe
Token: SeCreatePagefilePrivilege	768	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe
768	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 768 wrote to memory of 2500	768	chrome.exe	31
PID 768 wrote to memory of 2500	768	chrome.exe	31
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 5040	768	chrome.exe	83
PID 768 wrote to memory of 4928	768	chrome.exe	84
PID 768 wrote to memory of 4928	768	chrome.exe	84
PID 768 wrote to memory of 4444	768	chrome.exe	85
PID 768 wrote to memory of 4444	768	chrome.exe	85
PID 768 wrote to memory of 4444	768	chrome.exe	85
PID 768 wrote to memory of 4444	768	chrome.exe	85
PID 768 wrote to memory of 4444	768	chrome.exe	85
PID 768 wrote to memory of 4444	768	chrome.exe	85
PID 768 wrote to memory of 4444	768	chrome.exe	85
PID 768 wrote to memory of 4444	768	chrome.exe	85
PID 768 wrote to memory of 4444	768	chrome.exe	85
PID 768 wrote to memory of 4444	768	chrome.exe	85
PID 768 wrote to memory of 4444	768	chrome.exe	85
PID 768 wrote to memory of 4444	768	chrome.exe	85
PID 768 wrote to memory of 4444	768	chrome.exe	85
PID 768 wrote to memory of 4444	768	chrome.exe	85
PID 768 wrote to memory of 4444	768	chrome.exe	85
PID 768 wrote to memory of 4444	768	chrome.exe	85
PID 768 wrote to memory of 4444	768	chrome.exe	85
PID 768 wrote to memory of 4444	768	chrome.exe	85
PID 768 wrote to memory of 4444	768	chrome.exe	85
PID 768 wrote to memory of 4444	768	chrome.exe	85
PID 768 wrote to memory of 4444	768	chrome.exe	85
PID 768 wrote to memory of 4444	768	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://danielcacereslopez.com/Mnc5VTJtNDI1aTBQNjE=
1⤵
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf7689758,0x7ffaf7689768,0x7ffaf7689778
  2⤵
  PID:2500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1840,i,5112132604016352289,12685861017027296692,131072 /prefetch:2
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1840,i,5112132604016352289,12685861017027296692,131072 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2208 --field-trial-handle=1840,i,5112132604016352289,12685861017027296692,131072 /prefetch:8
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3188 --field-trial-handle=1840,i,5112132604016352289,12685861017027296692,131072 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3228 --field-trial-handle=1840,i,5112132604016352289,12685861017027296692,131072 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1840,i,5112132604016352289,12685861017027296692,131072 /prefetch:8
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5168 --field-trial-handle=1840,i,5112132604016352289,12685861017027296692,131072 /prefetch:8
  2⤵
  PID:3680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1860 --field-trial-handle=1840,i,5112132604016352289,12685861017027296692,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2492

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4296

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
2b178025530edff48355a94836906e8c

SHA1
04fb240f580b61a54f80367fda514f7d0890a12e

SHA256
81c5d61c5577a7c3035f4fdbdce5ea0d3d8bfefd089745166bfb80b805f631b0

SHA512
4ed80278e044a8b4fb3cf0dc2f791e922f89db2e2fc9bdf57b26a0adcec64bb9eceff06f9ebb48a261229255aeb25ca46e2062a5c039e2ab08d3afbeb2893f86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
fcd7b784b2145123fe6450f5b10e4711

SHA1
abd3d23b0239303ae8909bc14ea85cef8972b29d

SHA256
7005b5be70a7c625fc7423e68f760b8a5b9a4b93dc3a2a3aefa038c6b0b5d256

SHA512
6f7a18e63799283a8470ae371a0d4a529be22700f6864000fd170c1530ca5b4dc9376c6d7a7f2e7e5e3f2d8df5d863d37f5cc82c2916ea2a3d3658aca7c23424

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5b23e9de75b19ad958d6f37779d382d5

SHA1
129973ddea12402f77bd50d37b5fec228212464a

SHA256
c5fcb2a5620d315fd6b5a4b799de193f3ffdfa4770ffd2f969841a98efc29c81

SHA512
ff55543c9cd6c2b8c46a2032f034db6c60bfda34ec3ad98b5a0b90993ac9ac0012d654c6b799095b3efb63d097c9471d483d3d7adba755ea4721174524cdfe1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
d7d4735d10045393c1593c33ef0ad0eb

SHA1
1f18a1750f70ad1ffacbb2dab85aa4cb0d9863a4

SHA256
6b151c9f3045ab3c50eb4b7fa79f8b3269bdebdf6b33bb21b7d27c58131dde7a

SHA512
6b45c7dc5e9680eb7058db0d059959a0a3ad0758d81686804c9587a901ae77cfa6a06892ca6efd720477ba1b995773f9b8448adcc92359f8031b174bd651470b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit